beforeCommittee on Homeland Security and Government AffairsUnited States Senate

Tuesday June 11, 2013

Good morning, Chairman Carper, Ranking Member Coburn and members of this Committee. My name is Frank Baitman and I am the Deputy Assistant Secretary for Information Technology and Chief Information Officer (CIO) at the U.S. Department of Health and Human Services (HHS). I am honored to join you here today.

Under the leadership of Secretary Kathleen Sebelius, HHS is committed to the effective and efficient management of our information resources in support of our public health mission, human services program, and the United States health system. Our information technology (IT) portfolio is sizable, including support for a number of grant programs that provide IT resources to state, local, and tribal governments in support the programs administered by HHS. The portfolio also supports everything from commodity IT to our broad portfolio of mission systems. IT is mission-essential to everything we do at HHS, and it is essential that we manage IT as carefully as any other aspect of our programs.

HHS is a large department with a diverse set of missions. Our operating divisions include: the Administration for Children and Families, the Administration for Community Living, the Agency for Healthcare Research and Quality, the Centers for Disease Control and Prevention, the Centers for Medicare and Medicaid Services, the Food and Drug Administration, the Health Resources and Services Administration, the Indian Health Service, the National Institutes of Health, and the Substance Abuse and Mental Health Services Administration. We manage our IT portfolio through a federated governance structure. The vast majority of the Department’s IT resources are directly tied to appropriations made to our programs and operating divisions and our governance reflects this reality. Program-level IT decisions are governed and reviewed by our operating divisions.

At the Department-level, we have established three IT steering committees (ITSC) to bring together IT and program leaders from across the Department. These ITSCs take a functional view of our IT investments in the areas of health and human services IT, scientific research IT, and administrative and management IT along with our IT infrastructure, respectively. Collectively, these steering committees provide Department-wide oversight of our IT portfolio.

Efforts to Eliminate Duplication

In an IT portfolio as large and varied as HHS’s there is inevitably the potential for spending that appears duplicative or inefficient. We are constantly looking to identify these cases and determine where we can consolidate investments, systems, or acquisitions to meet the Department’s needs more effectively

Use of shared services is one way we avoid duplication within our IT portfolio. HHS is both a supplier and consumer of shared IT services. HHS operates a number of shared IT services supporting grants management, including Grants.gov, the government-wide platform for finding and applying for grants, and GrantSolutions.gov and Electronic Research Administration (eRA), two government-wide shared services platforms that support general grants management and extramural research grants management activities, respectively. Another example is in the area of shared acquisition—the National Institutes of Health’s (NIH) IT Acquisition and Assessment Center (NITAAC) administers a number of government-wide acquisition contracts that can be used by any Federal agency to acquire information technology products, services and solutions. A third example is the Program Support Center (PSC), a shared service center within HHS. The PSC provides shared services, including shared IT systems, to customers within HHS and across the Federal Government.

Data Center Consolidation

One way we are successfully increasing the efficiency of the Department’s IT portfolio is by consolidating data centers. In 2010, HHS identified over 200 data centers across the Department, and we developed a plan to close or consolidate roughly one quarter of them. Today, we are on our way to achieving this goal and have closed or consolidated almost 30 data centers since the Federal Data Center Consolidation Initiative (FDCCI) began.

We are excited about the evolution of the FDCCI – the new emphasis on optimizing core data centers with provides a better mechanism to elevate the efficiency and service delivery of HHS’s critical data center assets. Ultimately, this policy, when compared to a count-driven view of our inventory, will drive better mission delivery to the taxpayer. At a department with as diverse a range of missions as HHS, the focus on efficiency over count positions us to make decisions about our data center inventory that make the best use of our limited resources.

Cloud Computing

Cloud computing is another area that promises to transform how we approach IT at the Department. Decisions to move our systems to the cloud are generally motivated by cost savings, better performance, and more efficient maintenance, but the move also provides a path to keep our systems continuously modernized. In addition to these factors, by leveraging cloud platforms we take advantage of flexible, scalable, highly available tools that allow us to deliver services that meet the American public’s expectations – comparable to their interactions with business.

At the same time, we recognize that the promises of the cloud come with challenges – specifically, how to appropriately secure and protect the systems and information we move to the cloud. I’m happy to say that the Federal Risk and Authorization Management Program (FedRAMP) is proving to be an effective framework for addressing these challenges. A few weeks ago, HHS became the first agency to grant an Agency Authorization to Operate (ATO) for a cloud service provider through the FedRAMP process. In so doing, we made that provider’s services available to the entire Federal Government, and we built a replicable and effective process that we plan to use for other vendors in the coming months.

The ability to leverage this process will enable continuing adoption of cloud solutions at HHS. Already, we have moved a number of systems and applications, including the grants-management system GrantSolutions.gov and the Food and Drug Administration’s MedWatch+ system. Moving MedWatch+ in the cloud has reduced hosting costs by about 87% including just over $1 million in hardware costs. We continue to consider cloud solutions as we evaluate new investments and the modernization and enhancement of existing systems, and I anticipate that our use of the cloud will continue to grow as more providers receive FedRAMP security authorizations.

PortfolioStat

The PortfolioStat process has been a valuable tool to focus our efforts to look at our IT portfolio across the Department. We continue to work through this year’s PortfolioStat with the Office of Management and Budget (OMB), but I can say that we learned some valuable lessons in the first PortfolioStat.

First and foremost, the PortfolioStat process highlighted some places where we had challenges in assembling a Department-level view of some of our commodity IT activities. The lessons learned from that exercise, coupled with OMB’s simplification of the data collection process, are already providing us more timely information across the Department.

Second, the PortfolioStat provided a channel to discuss and prioritize Department-wide IT consolidation activities such as one of our more significant current activities, the Hire-to-Retire IT modernization program. Through the Hire-to-Retire program, we are moving the IT systems and activities supporting our core human resources, payroll, and time and leave functions to a shared service provider – effectively outsourcing a commodity activity, and getting to a better solution than we have in house, while realizing substantial operation cost efficiencies. By the conclusion of the Hire-to-Retire program, we will sunset at least 10 legacy systems, and we will have consolidated multiple conflicting HR data sources into a single authoritative system of record. In addition to the Hire-to-Retire program, we are also evaluating consolidation of our existing six email systems and moving email services to a cloud email provider, as other agencies have done, and looking at other opportunities to consolidate systems and acquisition of IT products and services.

Role of Agency Chief Information Officers

I understand that the role of department-level CIOs in driving all these efforts and in the direct management of departments’ IT portfolios is an ongoing subject of discussion. As the current CIO of HHS and former CIO of the Social Security Administration (SSA), and with years of experience in private-sector IT, I have a perspective on this discussion informed by experience with a variety of governance structures.

First, regardless of the organization, IT leaders need to work in partnership with business or program leaders. If just the IT experts or just the business experts always have the final say, inefficiencies may follow. There are two questions relevant to every IT investment decision: what are we trying to accomplish and how (technically) will we deliver that outcome? The question of “what” should be answered first by the business – but the question of “how” is where IT needs to be empowered to provide solutions. At HHS, we have leveraged the TechStat process, on top of our existing stage-gate review model to bring business and IT decision makers together to achieve more efficient outcomes. Two recent HHS TechStats have resulted in project-level cost savings and cost avoidance of almost $6 million dollars in FY 2012.

Second, regardless of the organization, there needs to be an enterprise-level IT perspective. Few effective private-sector organizations have subdivisions with total autonomy in the management of IT for any meaningful period. To operate as an enterprise requires someone to take the enterprise view. This is as true in IT as it is in program policy.

As the CIO at HHS, my job is to make sure that we effectively and efficiently manage our information resources. To be successful in that job, we need to maintain a governance structure that supports a strong business-IT partnership and ensures a place in decision-making for the enterprise view.